China’s 360 unveils ‘Mythos rival’ in AI cyber-tools race

TL;DR:

  • Chinese cybersecurity firm 360 says it has built a domestic answer to Anthropic’s Mythos, the AI system that finds software vulnerabilities.
  • Founder Zhou Hongyi unveiled two tools, claiming one found 3,432 flaws, and framed the technology as a strategic asset China “cannot afford to lack”.
  • It is the most high-profile Chinese response yet to a model that has alarmed Washington and the cyber industry.

China’s race to close the frontier gap now has a security dimension. At a Beijing conference, 360 Security Technology unveiled what it calls a domestic equivalent of Anthropic’s Mythos — the vulnerability-finding model that US officials recently barred from export on national-security grounds.

A martial-arts brand for a strategic weapon

Founder Zhou Hongyi launched two tools under the banner “Yitian Tulong”, drawn from a classic Chinese novel. One, “Tulongfeng”, automatically discovers software flaws — “China’s version of Mythos”, he said — while a second automates cyber defence. 360 claims Tulongfeng has found 3,432 vulnerabilities, 105 confirmed by Chinese authorities, though Reuters could not verify the figures.

Zhou’s framing was unusually blunt: a tool that can reshape cyber offence and defence “cannot be held only by others”. He warned of “one-way transparency” if US firms could scan systems with Mythos-class models while Chinese rivals could not. Tellingly, he conceded domestic models still trail by “20%-30% in base capability”, and said 360 was taking an “agent” route — pairing models with vulnerability databases and security expertise rather than chasing the strongest model and chips outright, a workaround shaped by years of US export controls on advanced semiconductors.

The move underlines warnings closer to home. UK and allied agencies recently cautioned that the AI cyber threat is “months, not years” away, and Anthropic itself has said Mythos uncovered flaws in classified US systems. A capable Chinese counterpart shortens that timeline further.

Looking forward

If both Washington and Beijing field models that can find exploitable flaws at scale, the advantage tilts toward whoever patches fastest. For UK firms and infrastructure operators, the practical takeaway is that vulnerability-hunting AI is becoming a standard part of the threat landscape — making patch discipline and defensive AI investment less optional than ever.

Share this article